Yesterday, I found two of my cloud servers had been hacked. The servers’ CPU was always 100% and I found a suspicious process. After terminating the suspicious process, the system got back normal and CPU was no longer 100%. However, the suspicious process came back and CPU was 100% again. So I cleaned the whole system by checking my ssh public-key authentication file, cron job, deleting all malicious files and stopping all unnecessary services. I was watching the system whole day and the virus didn’t come back.
Read more
